[jboss-jira] [JBoss JIRA] Created: (AS7-1838) Add support for pre-digested passwords to AS7 domain realms

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Thu Sep 15 07:15:26 EDT 2011


Add support for pre-digested passwords to AS7 domain realms
-----------------------------------------------------------

                 Key: AS7-1838
                 URL: https://issues.jboss.org/browse/AS7-1838
             Project: Application Server 7
          Issue Type: Task
          Components: Domain Management, Security
            Reporter: Darran Lofthouse
            Assignee: Darran Lofthouse
             Fix For: 7.0.2.Final


Storing plain text passwords means that, should the file containing these passwords be compromised, not only could the passwords be used to access the AS instance they were using, the passwords could potentially be used for any systems secured with the same passwords.

The pre-digested passwords will be digested with the username, password and realm - this will mean that, although they still need to be kept secure to prevent access to the AS instance they secure, they will not be useful for gaining access to different systems secured with different realms.

(As backwards compatibility is to be retained, AS 7.0.2 will have this feature switched off by default, leaving the end user to choose to switch it on - for AS 7.1.0 this will be reversed, making it the default out of the box.)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

